Day: December 25, 2010

Versaloon is an open source, USB connected project, that centers around an STM32 processor and provides a standard JTAG pinout. Above you see the Nano version which has a 10-pin JTAG connector, but there is also a 20-pin option on the Handy model. Great, another JTAG programmer. Well this can do a bit more than that. With a bit of help from the software it has been turned into a programmer for ten different types of hardware. Obviously this should be able to program anything that works with the JTAG protocol, but the script adapts it to work as an In System (or In Circuit) Programmer too. So far the list of programming targets includes STM32, LPC1000, LPC900, STM8, AR8, MSP430, and a few others.

We had some trouble finding an actual picture of this hardware. If you’ve got one, snap a picture and leave a link to it in the comments along with your thoughts on the device.

Gather round and hear the story of how a hacker outsmarts a criminal. [Zoz] was robbed and they got his desktop computer. Gone, right? Nope. Because of a peculiar combination of his computer’s configuration, and the stupidity of the criminal, he got it back. He shares the tale during his Defcon 18 talk (PDF), the video is embedded after the break.

[Zoz’s] first bit of luck came because he had set up the machine to use a dynamic DNS service, updated via a script. Since the criminal didn’t wipe the hard drive he was able to find the machine online. From there he discovered that he could SSH into it, and even use VNC to eavesdrop on the new owner. This, along with a keylogger he installed, got him all the information he needed; the guy’s name, birth date, login and password information for websites, and most importantly his street address. He passed along this juicy data to police and they managed to recover the system.

Automating something involving data from the Internet can be confusing when it comes to pages generated by user input. For instance, let’s say you want to scrape data from a page that loads after using a search box. [Andrew Peng] posted a quick and dirty example to help you write your own scripts. The example he used checks stock on one of the websites he frequents. His process outlines finding the link that all searches are submitted to, establishing the method used to send the search string, and grabbing the resulting data. He parses it and sends off an email if it finds what he’s looking for. But this could be used for a lot of things, and it shouldn’t be a problem to make it alert you in any way you can imagine. Maybe we’ll use this to add some functionality to our rat.